Steady progress on the mobile wallet ahead of mainnet launch. This week's hardening pass focused on the screens where mistakes cost money. Here's what's now in:

Bulletproof seed handling
- Recovery phrase only reveals when you press-and-hold, no accidental exposure
- Copy-to-clipboard removed entirely (malware can't grab it from the clipboard)
- Cloud backup is always password-encrypted; your raw seed never leaves the device
- Screenshots and screen recordings blocked on every sensitive screen (iOS + Android)

Smarter sending
- Every transaction simulated before you confirm, with a clear LOW / MEDIUM / HIGH risk score
- Sending to a new address? You'll see a warning and confirm by typing the last 4 characters
- High-value sends (>5% of balance) require an extra typed confirmation
- Full address always visible with bold first/last characters for at-a-glance verification

Safer dApp connections
- See exactly what permissions a dApp wants before approving
- Spoofed/lookalike domain warnings to catch phishing sites
- Sign-message screens explain what you're actually authorizing — no more blind blob signing
- Connected Apps screen in Settings: revoke any session with one tap

Better biometrics
- Face ID / Fingerprint prompts now describe the action ("Confirm 10 SOL send with Face ID") instead of generic "Authenticate"
- 5 wrong PIN attempts trigger a live cooldown countdown
- Adding or changing a fingerprint forces full PIN re-auth (protects against device hijack)

Honest privacy
- Private (ZK) transactions show real progress stages: Preparing witness → Generating proof → Broadcasting. No fake percentage bars.
Coming up: seed-confirmation hardening, recovery & forgot-PIN flow polish, haptic feedback map, and the final design system pass before mainnet code freeze.
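
The two typed-confirmation rules under "Smarter sending" can be expressed as a single gate, sketched here as an added example that is not the wallet's own code. Function names, the step labels, the sample addresses and the choice of retyping the amount as the high-value confirmation are assumptions; only the "last 4 characters" and ">5% of balance" rules come from the post.

```javascript
// Added illustration, not the wallet's code. Amounts are integer base units
// (lamports for SOL) held as BigInt so the 5% check never touches floats.
const HIGH_VALUE_PERCENT = 5n; // from the post: sends above 5% of balance

// Returns the typed confirmations a send needs, in the order they are asked.
function requiredConfirmations({ amount, balance, recipient, knownAddresses }) {
  if (amount <= 0n) throw new RangeError("amount must be positive");
  if (amount > balance) throw new RangeError("amount exceeds balance");
  const steps = [];
  if (!knownAddresses.has(recipient)) steps.push("TYPE_LAST4");
  // amount / balance > 5%  <=>  amount * 100 > balance * 5 (strictly greater)
  if (amount * 100n > balance * HIGH_VALUE_PERCENT) steps.push("TYPE_AMOUNT");
  return steps;
}

// Exact, case-sensitive match: base58 addresses distinguish "y" from "Y".
function last4Matches(recipient, typed) {
  return typed.length === 4 && recipient.slice(-4) === typed;
}

// Approves only if every required step was typed correctly. A missing or
// wrong entry fails closed and reports which step blocked the send.
function approveSend(request, typed = {}) {
  for (const step of requiredConfirmations(request)) {
    const ok =
      step === "TYPE_LAST4"
        ? last4Matches(request.recipient, typed.last4 ?? "")
        : typed.amount === request.amount.toString(); // assumed: retype amount
    if (!ok) return { approved: false, failed: step };
  }
  return { approved: true, failed: null };
}

// Constructed sample data (placeholder strings, not real addresses).
const SAMPLE_KNOWN = new Set(["KnownAddrConstructed1111AbCd"]);
const SAMPLE_REQUEST = {
  amount: 6_000_000_000n,    // 6 SOL in lamports
  balance: 100_000_000_000n, // 100 SOL in lamports
  recipient: "NewAddrConstructed2222xY9z",
  knownAddresses: SAMPLE_KNOWN,
};

console.log(requiredConfirmations(SAMPLE_REQUEST));
console.log(approveSend(SAMPLE_REQUEST, { last4: "xY9z", amount: "6000000000" }));
```

A send of exactly 5% of the balance does not trigger the high-value step, matching the post's ">5%" wording.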